If the calc_finished function returns an error code, don't ignore it but
instead return the error code to stop the handshake as the Finished
message may be incorrect.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The of m_bytes value isn't actually used when it's uninitialized,
because *data is null, but that's very fragile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, run the test case
"Authentication: hostname unset, client required, secure config, CA callback"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.
Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.
But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use a special marker as ssl->hostname if mbedtls_ssl_set_hostname() has been
called with NULL. If mbedtls_ssl_set_hostname() has never been called, the
field is NULL, as before.
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix some build errors when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED is false
but MBEDTLS_X509_CRT_PARSE_C is enabled. This is not a particularly useful
configuration, but for quick testing, it's convenient for it to work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The following files are moved to the framework repo (deleted here):
tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However,
since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds
these new tests alongside DHE-RSA ones intead of replacing them in order
to increase test coverage.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
